Message ID | 1575337459-34864-1-git-send-email-pannengyuan@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | virtio-balloon: fix memory leak while attach virtio-balloon device | expand |
On Tue, Dec 03, 2019 at 09:44:19AM +0800, pannengyuan@huawei.com wrote:
> From: PanNengyuan <pannengyuan@huawei.com>
>
> ivq/dvq/svq/free_page_vq is forgot to cleanup in
> virtio_balloon_device_unrealize, the memory leak stack is as follow:
>
> Direct leak of 14336 byte(s) in 2 object(s) allocated from:
> #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
> #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
> #2 0x557d90638437 in virtio_add_queue /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327
> #3 0x557d9064401d in virtio_balloon_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793
> #4 0x557d906356f7 in virtio_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504
> #5 0x557d9073f081 in device_set_realized /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876
> #6 0x557d908b1f4d in property_set_bool /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080
> #7 0x557d908b655e in object_property_set_qobject /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: PanNengyuan <pannengyuan@huawei.com>
> ---
> hw/virtio/virtio-balloon.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 40b04f5..5329c65 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
> }
> balloon_stats_destroy_timer(s);
> qemu_remove_balloon_handler(s);
> +
> + virtio_del_queue(vdev, 0);
> + virtio_del_queue(vdev, 1);
> + virtio_del_queue(vdev, 2);
> + if (s->free_page_vq) {
> + virtio_del_queue(vdev, 3);
> + }
> virtio_cleanup(vdev);
> }

Hmm ok, but how about just doing it through a vq pointer then?
Seems cleaner. E.g. use patch below and add your on top
using the new virtio_delete_queue?

-->
virtio: add ability to delete vq through a pointer

Devices tend to maintain vq pointers, allow deleting them like this.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

--

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index c32a815303..e18756d50d 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,

 void virtio_del_queue(VirtIODevice *vdev, int n);

+void virtio_delete_queue(VirtQueue *vq);
+
 void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
 unsigned int len);
 void virtqueue_flush(VirtQueue *vq, unsigned int count);
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 04716b5f6c..31dd140990 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
 return &vdev->vq[i];
 }

+void virtio_delete_queue(VirtQueue *vq)
+{
+ vq->vring.num = 0;
+ vq->vring.num_default = 0;
+ vq->handle_output = NULL;
+ vq->handle_aio_output = NULL;
+ g_free(vq->used_elems);
+}
+
 void virtio_del_queue(VirtIODevice *vdev, int n)
 {
 if (n < 0 || n >= VIRTIO_QUEUE_MAX) {
 abort();
 }

- vdev->vq[n].vring.num = 0;
- vdev->vq[n].vring.num_default = 0;
- vdev->vq[n].handle_output = NULL;
- vdev->vq[n].handle_aio_output = NULL;
- g_free(vdev->vq[n].used_elems);
+ virtio_delete_queue(&vdev->vq[n]);
 }

 static void virtio_set_isr(VirtIODevice *vdev, int value)
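Review bot: `virtio_delete_queue()` in hw/virtio/virtio.c frees `vq->used_elems` but leaves the pointer set, so deleting the same queue twice would hand the same pointer to `g_free()` again. That could happen once through a device's vq pointer and once through `virtio_del_queue(vdev, n)`, which now forwards here. Adding `vq->used_elems = NULL;` directly after the `g_free(vq->used_elems);` line makes the call idempotent. The new function also dereferences `vq` with no guard, whereas the index-based wrapper range-checks `n`. A short comment on the prototype in virtio.h stating that `vq` must be non-NULL and must come from `virtio_add_queue()` would tell callers that keep optional queue pointers to check before calling.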
On 2019/12/3 13:34, Michael S. Tsirkin wrote: > On Tue, Dec 03, 2019 at 09:44:19AM +0800, pannengyuan@huawei.com wrote: >> From: PanNengyuan <pannengyuan@huawei.com> >> >> ivq/dvq/svq/free_page_vq is forgot to cleanup in >> virtio_balloon_device_unrealize, the memory leak stack is as follow: >> >> Direct leak of 14336 byte(s) in 2 object(s) allocated from: >> #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560) >> #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) >> #2 0x557d90638437 in virtio_add_queue /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327 >> #3 0x557d9064401d in virtio_balloon_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793 >> #4 0x557d906356f7 in virtio_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504 >> #5 0x557d9073f081 in device_set_realized /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876 >> #6 0x557d908b1f4d in property_set_bool /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080 >> #7 0x557d908b655e in object_property_set_qobject /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26 >> >> Reported-by: Euler Robot <euler.robot@huawei.com> >> Signed-off-by: PanNengyuan <pannengyuan@huawei.com> >> --- >> hw/virtio/virtio-balloon.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c >> index 40b04f5..5329c65 100644 >> --- a/hw/virtio/virtio-balloon.c >> +++ b/hw/virtio/virtio-balloon.c 
>> @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp) >> } >> balloon_stats_destroy_timer(s); >> qemu_remove_balloon_handler(s); >> + >> + virtio_del_queue(vdev, 0); >> + virtio_del_queue(vdev, 1); >> + virtio_del_queue(vdev, 2); >> + if (s->free_page_vq) { >> + virtio_del_queue(vdev, 3); >> + } >> virtio_cleanup(vdev); >> } > > Hmm ok, but how about just doing it through a vq pointer then? > Seems cleaner. E.g. use patch below and add your on top > using the new virtio_delete_queue? > ok, It seems more cleaner, I will send a new version later. Thanks. > --> > virtio: add ability to delete vq through a pointer > > Devices tend to maintain vq pointers, allow deleting them like this. > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com> > > -- > > diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h > index c32a815303..e18756d50d 100644 > --- a/include/hw/virtio/virtio.h > +++ b/include/hw/virtio/virtio.h > @@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, > > void virtio_del_queue(VirtIODevice *vdev, int n); > > +void virtio_delete_queue(VirtQueue *vq); > + > void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, > unsigned int len); > void virtqueue_flush(VirtQueue *vq, unsigned int count); > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c > index 04716b5f6c..31dd140990 100644 > --- a/hw/virtio/virtio.c > +++ b/hw/virtio/virtio.c 
> @@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, > return &vdev->vq[i]; > } > > +void virtio_delete_queue(VirtQueue *vq) > +{ > + vq->vring.num = 0; > + vq->vring.num_default = 0; > + vq->handle_output = NULL; > + vq->handle_aio_output = NULL; > + g_free(vq->used_elems); > +} > + > void virtio_del_queue(VirtIODevice *vdev, int n) > { > if (n < 0 || n >= VIRTIO_QUEUE_MAX) { > abort(); > } > > - vdev->vq[n].vring.num = 0; > - vdev->vq[n].vring.num_default = 0; > - vdev->vq[n].handle_output = NULL; > - vdev->vq[n].handle_aio_output = NULL; > - g_free(vdev->vq[n].used_elems); > + virtio_delete_queue(&vdev->vq[n]); > } > > static void virtio_set_isr(VirtIODevice *vdev, int value) > > > . >
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 40b04f5..5329c65 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
 }
 balloon_stats_destroy_timer(s);
 qemu_remove_balloon_handler(s);
+
+ virtio_del_queue(vdev, 0);
+ virtio_del_queue(vdev, 1);
+ virtio_del_queue(vdev, 2);
+ if (s->free_page_vq) {
+ virtio_del_queue(vdev, 3);
+ }
 virtio_cleanup(vdev);
 }
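Review bot: After the added `virtio_del_queue()` calls, `s->free_page_vq` still points at the deleted queue, yet the new `if` uses that same field as its "is this queue present" test. If unrealize can run again on this object, or if realize assigns the field only conditionally (neither is visible in this hunk), index 3 could be deleted a second time or tested against a stale value. Setting `s->free_page_vq = NULL;` inside the `if`, right after the delete, keeps the test truthful. The function body starts above the hunk, so how `s` and `vdev` are obtained is not shown here.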